Utilizing Tech - Season 7: AI Data Infrastructure Presented by Solidigm - 05x19: The Intersection of Edge, Blockchain, and IoT with Jason Benedicic
Episode Date: September 11, 2023Although blockchain technology has been tainted by scammers, the core idea of distributed consensus is relevant for certain edge applications. This episode of Utilizing Edge focuses on practical appli...cation of blockchain technology in edge and IoT, featuring Jason Benedicic, Alastair Cooke, and Stephen Foskett. Two key concepts in blockchain are the distributed ledger and consensus approach. There is a lot of work being done to apply blockchain in medical, finance, IoT, and proof of provenance. Although many applications can rely on authority or quorum, larger and more heterogeneous applications might benefit from consensus instead. The other aspect of blockchain, chain of custody and immutability of data, is potentially relevant in preventing supply chain attacks and dealing with transient devices. It's important to remember that many of the things that have put people off blockchain, from financialization to public exposure of transactions, are not necessarily required in all blockchains. Guest: Jason Benedicic: https://www.twitter.com/JBenedicic Hosts: Stephen Foskett: https://www.twitter.com/SFoskett Alastair Cooke: https://www.twitter.com/DemitasseNZ Follow Gestalt IT and Utilizing Tech Website: https://www.GestaltIT.com/ Utilizing Tech: https://www.UtilizingTech.com/ Twitter: https://www.twitter.com/GestaltIT Twitter: https://www.twitter.com/UtilizingTech LinkedIn: https://www.linkedin.com/company/Gestalt Tags: #UtilizingEdge, #Edge, #Blockhain, #IoT, @GestaltIT, @UtilizingTech, @SFoskett, @DemitasseNZ, @JBenedicic,
Transcript
Discussion (0)
Welcome to Utilizing Tech, the podcast about emerging technology from Gestalt IT.
This season of Utilizing Tech focuses on edge computing,
which demands a new approach to compute, storage, networking, and more.
I'm your host, Stephen Foskett, organizer of Tech Field Day and publisher of Gestalt IT.
Joining me today as my co-host is Mr. Alistair Cooke. Welcome to the show.
Thanks, Stephen. It's always a pleasure to be here,
and it's always a pleasure to talk to the guests that you find for us.
Well, it's especially a pleasure when these are folks that we've known a long timealm moment, because we're talking about the intersection
of edge with other technologies like blockchain and IoT. And I know that some people out there
are saying, oh, no, oh, no, not blockchain. I heard about that. My mom heard about that.
But there's more to it than that. Yeah, I think there always has been more to
blockchain than what was covered in the mainstream media.
There's always been potential for more.
So although the title of this podcast makes it look more like the utilizing buzzwords, we really are going to look at practical real world use of technology that isn't just about producing a hype bubble that
lines somebody's pocket. This promise of doing real things with blockchain has been around for
a while, and I'm really interested to hear about what's actually happening with blockchain and
business benefit from blockchain. Yeah, again, the promise and premise of this podcast series, the utilizing word means making practical use of. And that's really what we focus on. And it was a little challenging, I got to say, when we did Utilizing AI for three seasons, because at that point, we weren't yet in the chat GPT and Gen AI era, it was a little challenging when we were talking about CXL because that
technology was just coming to market.
But we did it, and we're here with Edge in the same thing.
So I'd like to welcome as our guest today, a Edge Field Day and other Tech Field Day
delegates, somebody that I've known for quite a while, Mr. Jason Benedicic.
Thank you so much for joining us, Jason.
Thank you for having me.
It's a pleasure as always. Jason Benedicic, Thank you so much for joining us, Jason. Thank you for having me. It's a pleasure as always.
Jason Benedicic, as Stephen said, I'm a consultant and analyst and writer based in the UK.
Big, long history across technology and a more passionate focus over the last few years of Edge
and Kubernetes and cloud and more recently getting into blockchain technology and let me address
that like yes there is cryptocurrency and the nfts and other things that you see that have
made themselves into the media and in a number of ways from some good some bad and but the core
technology underpinning the blockchain is is a distributed database technology effectively. It's a way of consensus computing and agreeing on
what's happened. And there's a lot of real practical use cases for this. And that's
really what I wanted to kind of talk about. It is too bad because I feel like the whole
concept has been tainted by basically scammers. And, you know, I don't want to swear on a non-explicit podcast,
but people who are greedy and trying to take advantage of other people. And that's really
too bad because as you said, from the very beginning, it's been pretty obvious that
blockchain technology was an interesting technology with some potential use cases. As you said as well, a sort of a democratic way
of defining reality in a database. What is the consensus of this data set? And that is actually really interesting, an interesting concept when it comes to things like edge and IoT, where you have
a large set of independent entities that have to, or that ought to come to some consensus,
but might be disconnected, they might be new, they might be old, they might come from
different people from different directions, I can see that it would be important to have that kind
of consensus technology. And that's what you're talking about, right? Yeah, pretty much. I mean,
it's a, there's a few aspects to this, there's as compute power is available further down the stack,
we're used to, from a blockchain perspective,
we're used to having big miners or ASICs and things that,
because it's a very hard computational problem usually,
especially in proof of work.
So you're used to seeing,
this is a fairly well concentrated
into the data center piece,
but as things, technology evolves, and I've been reading recently about a project called TerraNode,
which looks to accelerate one of the blockchain technologies into the highest throughput we've heard about from blockchain in a long time.
The idea of distributing this out even further as compute power gets bigger, as we can do more in different areas.
And you and I speak a lot about different emerging technologies,
the way that chiplets are being designed,
the way that GPU technologies and other ASICs and FPGAs
for kind of offloading and distributed systems
are coming together really well to form a whole new ecosystem of opportunity.
So we've got the ability to spread out the blockchain processing across the edge, as
well as using blockchain technologies to kind of verify and secure edge and IoT.
So there's kind of two angles we can look at this as well.
I think that aspect that there are two very distinct angles here. One is that
building that consensus-based distributed view of what the truth is
and then separate from that is the actual ledger idea, the immutable ledger
component. And these two can be used completely separately. You can use that immutable ledger to say,
we are certain that the data we're now processing
is the data that was first presented,
even if it was presented somewhere else.
You don't have to have the distributed consensus
to have that ledger component.
But I think there's some really interesting use cases
around the distributed consensus because there's scenarios around IoT where you have a large number of sensors,
each of which has a relatively low reliability. And so a consensus-based view of what reality is
can be really beneficial in improving the quality overall of that data that's coming back from these
relatively low reliability sensors.
Have you seen that actually being done by real world customers, Jason?
So I think what we're seeing is a lot of research in the medical space for this.
I've been reading some good papers recently where we're looking at different kind of medical
devices that can be monitored, whether that's in the home or outside of a medical setting. So things like monitoring
of people, especially the elderly maybe, you know, did they fall? Are they looking more unstable?
And kind of taking that and using that data across maybe multiple data sets and from different sensors and then having some form of consensus on that
and that the data was generated from the right devices,
that the security and the identities were correct
and those sorts of things
and making sure that we've got a kind of chain of custody
and understanding where that data was coming from.
When it comes to the question of consensus, I think that one of the things, well, that
I would sort of ask about, but also sort of insist on, it certainly is possible.
I mean, one of the biggest criticisms of blockchain technology, apart from the proof of work,
energy usage and the scams and everything.
But, you know, if you look at the
blockchain itself, one of the big questions is why do we need consensus when we can have sort of an
authority that just decides on consensus? Because most IT systems, most technical systems essentially
work on an authority basis, not a consensus basis. In other words, if we're building a cluster, you know, we need three nodes so that
we can have kind of a two out of three vote that says, no, this is the right thing. It's the same
with RAID. It's the same with basically everything in IT. And it's also the same when it comes to
finance. So if you look at, you know, any kind of, even among peers or among a vast system that
you'd think, oh, blockchain would make sense there. A lot of the times you can sort of boil it down
and say, no, no, no, we can go back to authority, not consensus. You know, we can say MasterCard
decides which transaction is valid. We can say this medical device manufacturer is the ultimate arbiter of which of these are
legit devices and which of them aren't. So when do we need consensus technology specifically,
as opposed to a centralized authority-based approach? I mean, in things that are highly
regulated, like you mentioned finance there, if we have a centralized approach, and let's just say that this information was going back into a database,
for example, a rogue actor could go back and change a database record.
But when we look at immutable ledgers and consensus,
and there's a lot of talk about, you know, being public and that this is public records.
But what you can use and what a lot of use case of the blockchain is for is for taking hash records.
So it's a time stamped proof of what you said happened, happened.
And everybody can agree on it. And the good thing about the way the hashing
and those things, those technologies work is that even if I change the smallest bit of data,
that hash has changed. So if I change the case sensitivity, if I uppercase, if I add a full stop,
if I add a space somewhere else, if the data had changed, I've got that record, I can say,
if I hash this again, it doesn't match the hash that was there
and that everybody agreed on.
It gives you ways to prove provenance.
It gives you ways to, you know,
highlight when things have changed
and selectively disclose information.
I actually watched an interesting piece
from one of the prominent researchers in this space talking about how we
can work on systems for storing data where you can selectively disclose, especially like in
government or areas where, you know, they have to redact certain things. So you can say,
we can attest to the fact that there was a group agreement that at the time this document was written, this is what it said. And you can then check that even if you've been given a redacted piece of that information, that the redacted part of the information you were given is applications I think that benefit the most from blockchain's consensus approach is, you know, when you really don't have authority or quorum and you really need to get somewhere.
And to me, it's about having a lot of heterogeneous systems that don't all trust each other or can't all be trusted, all interacting. So in terms of blockchain consensus,
if you look at the mess that is IoT, that makes sense to me because essentially you have tons
of manufacturers working on tons of different devices with all different software. It makes
sense that consensus may be valuable in that scenario. And it's the same with a lot of other things.
And the provenance question is important too, because that's, I think to me,
on the other side of blockchain,
the sort of distributed ledger and sort of the proof of reality,
provenance is to me the most important application of that technology.
I need to know for sure that this hasn't been mucked with.
And how can I do that? Well, a good way to do that is to have mathematical checksums and or
some authority that tells you that's how it is. But, you know, the blockchain provenance has
actually has been fairly well proven, even despite all the cryptocurrency and NFT stuff, right?
Yeah, I think there's one of the things I want to come back to is Steven's definition of master
versus consensus and a three node cluster that reaches a majority decision as a form of consensus. The form of authority would be, in an IT sense,
would be Windows PDC emulator that has the authority to issue identities and the sole
authority. It doesn't require anything else to confirm those identities. So absolutely the separation of authority from consensus is an important aspect and very useful way of using blockchain but I think that
immutable governance of data, that non-repudiation of changes, essentially
the chain of custody of data is probably the most business valuable part of this.
That the medical device that's monitoring a patient hasn't been tampered with by a bad
actor, hasn't been tampered with by the person who's being monitored to produce a better
result so they have to pay less for their insurance.
There's that whole chain of custody of data is becoming, I think, more important as the
data is being generated in places that we trust less and so that again that that chain being rooted on on
something we have more control of quite separately from from the consensus base
we can still have that central authority and and I saw this in first come up when
AWS started offering services their quantum ledger database has a central source of authority,
but has that chain of provenance on the data that solves a bunch of business problems.
And so it is quite clear that there are two different sets of business problems that can
be solved. And in the use cases that we've seen of the CryptoBrow use cases, the two
have been used together
but they don't have to be yeah yeah that's it's very true that there's a whole number of underlying
technologies that make up the i i know they commonly often refer to as like the web3 stack but
you've you've got a whole number of things around so the immutable ledger is a part the way that
um consensus works and there are other things that are coming
in so we see it a lot in like the consumer side with what they call wallets where you store things
but if you look into that a bit further where you've got like distributed identity services and
is this person really who they say they are and can we validate their identity based on a set of
encryption keys and so there's kind of like a whole series,
a whole set of layers of technology that are underpinned here
that all have a really large benefit for moving forward.
I mean, I like to think about some of the things
that could happen with distributed identity.
I can prove who I am consistently and, you know,
through that majority consensus of, and not have to keep
signing up to things or have to prove myself to a government or a body or, you know, employment
checks or other things like that. There's some really nice things there that can work. And
back to a previous thought about when we're talking about IoT. And the other thing about that consensus or that
provenance is also for things that have kind of sporadic connectivity or things that can
get slightly altered. And how I think about this from an edge is I've got local connectivity
to my edge from IoT devices, and I can make all my checksums. I can check everything was good there.
And then that data goes back to the cloud. I can then compare my checksums. I can check everything was good there. And then
that data goes back to the cloud. I can then compare it. Like, was there anything,
was there a loss of transmission? Was there a, did the data get, you know,
adjusted in flight or did we lose some of it? And you've got that whole layering it together
really works well in this kind of edge and IoT world. Yeah, I really like the idea of
that chain of custody too. As when you're talking about, again, IoT or remote devices,
you know, something that has come up on our conversations is the, well, the necessity to
have zero touch administration of systems and the reality that in many cases, those systems may pass through
different hands. And so it would be nice to know sort of for sure, is this exactly what I think it
is? And I don't necessarily just mean like a server or something like that. I mean, I'm thinking,
you know, sensors, intermittent connectivity, I could see a scenario
where we could have, I don't know, attacks against these systems that would involve replacing
components. And you'd have to make sure that you could have, you know, repudiatable or non
repudiatable, I don't know which way it is, but you know, that you could make sure that the component that you're getting this data from really is who you think it is,
and it's been in the right hands and so on. I'm not sure how that works, but it seems to me that
that would be a good application. Yeah. And I kind of seem to remember, like, I did some work in
Kubernetes at the Edge a couple of years ago with GigaRome. And I remember talking to one company,
I can't think who it was off the top of my head,
but it was talking about like attestation that the hardware is what it says it
is by check sums and block,
you know,
BIOS level information and TPMs and those things.
That's,
you know,
really interesting that I could from manufacturer write that information to a blockchain
and people could check it every step of the way and say this device hasn't been tampered with the
the firmware checksums check out the software md5 checks out everything checks out across
the whole life cycle of the device cradle to the grave. And that's really good for thinking about supply chain attacks and things like that.
Yeah, and I think we saw some of this from Zadida at CloudField A1
about that heightened device and using cryptographic verification.
I didn't pick up whether they were going through the entire lifecycle of of the device or just doing a point in time because of course verifying that all of
the checksums all match up right now is one thing but knowing that every time
those things change it's in a way that we've controlled and that's what the
blockchain would give us I wasn't clear whether Zadida had gone there but
it seemed like a logical place to be going because over the life cycle of that device at the edge, there are going to be changes to the device.
You want to be certain that all of those changes were made in a way that is governed by central
IT.
That's the sort of use case where you do want central authority, but you definitely want
then that immutable ledger of change. It'd be interesting to see that go even further into
having the things like container images, all of the layers in your Docker images, and although
they're checksummed, that's not quite the same as having that attestation that they've never
been modified along the way. You could very carefully craft an attack layer in that image to match the same checks on.
But if you're using a full crypto, it might be a little easier to protect.
Yeah, exactly. And that's a really interesting thought,
because I'm trying to get my hands around a really practical application here.
And container images is a great idea because it passes through various hands, you know, and it has various stages and you want to be able to go back and look at the provenance of that image. Essentially, most containers use sort of an overlay file system, which says basically, here's the file system.
And then and if you if you make any changes to it, that becomes a new or you check in a set of changes that becomes a new layer.
And think of that layer as sort of a card with holes in it.
So you can see the previous layer through the holes and you can see the new data on the card.
And then another card with holes on it is overlaid and another one is overlaid.
And that's fundamentally how a lot of container images work.
And if you can think about it that way, maybe it would be good to know the prominence of each of those layers. Now, currently, we do know that because we have checksums and we have a central authority called GitHub that verifies that that layer is the layer that I think it is.
But I think that there's a world beyond that sort of Microsoft will tell us if this is OK kind of world, right?
That's a really interesting use case.
Now, she got my brain really going into overdrive, it's like this could be used for distributed software
built on material checking and other things like, you know,
to ensure that CVEs have been patched,
like this, you know, historic ledger that's immutable
and, you know, agreed upon that we've, you know,
we know that there isn't a central actor
that can go back and change the record and say,
it was this checksum really.
Because if you're gonna be doing like a supply chain attack
or something, and that wasn't centralized, sorry, system
without the consensus, you could attack that part
of the supply chain as well and change the checksums.
And you've got no way of knowing the history of where that changed.
Whereas if you start to bring this into a blockchain in that immutable ledger, you've got history.
Did that checksum really change at that point or not?
And that looks like a really good use case.
Yeah, particularly as we're seeing this rise of, I can't remember the phrase for it, but setting up public repositories that match the name of private code repositories.
And that's one of the attack vectors that are being used to get hostile code inside your application. Again, if we were using, I'd rather have a good hash than just a checksum,
but have a chain of hashes that identify that this is still the latest version of the repo I'm expecting to use rather than some hostile repo that's come in and made changes that aren't validated.
It would be a huge benefit to be able to identify that and close out one of those attack vectors.
I'd also point out that unlike the application of blockchain in cryptocurrency and NFTs and so on,
blockchains don't necessarily have to be public. They can be private and yet still visible to
anybody that's participating in that blockchain.
Because one of the things I think that people have sort of, I don't know, learned about cryptocurrency is if you send somebody some Bitcoin, everybody knows that you sent that Bitcoin unless you do some nefarious thing to mix it and merge it.
But even there, you know, they apparently can kind of track through and figure it out to some extent. That may not be desirable in distributing system images
or verifying IoT devices or something.
You may not want everybody to see the entire history of the ledger,
but you probably do want everybody that's participating
in that community to see that.
And I think that that's, I guess, maybe a limiting factor
toward using this technology, that sort of public aspect.
So there's a few ways that you can kind of do that.
We do have private blockchains and there's quite a number of out there.
AWS have them, Microsoft have them, IBM have got some.
And yeah, for some of those use cases, you may want a private hidden away ledger, something that, you know, you want to keep to a certain community or whatever else.
But there's also ways of, you know, working with the public ones and still preserving some level of secrecy or privacy that you need.
It could be that you encrypt the data before it goes to the chain and only supply the keys to the participants.
It could be that you're using something that I don't know huge amounts,
but it gets used a lot in the discussions is like Merkle trees and Merkle proofs.
And you are only supplying one part. So you supply the root of the Merkle tree,
the hash from that and the amount of the positions in the tree.
You supply that data, but not all of the data.
And you can see if any part of it changed from the root, but you don't know the underlying
data necessarily.
And then there's something else that I've recently started reading about, and it's kind
of a new to me technology, but I believe they use it in sort of
AI ML and those things as well. It's called homomorphic encryption, where you can encrypt
the data and someone can work on it without decrypting it. And I think that's probably got a
huge place in these public systems in the future, Very early stages from what I understand.
It's used in some places.
It's only been around for a few years.
A guy from IBM, one of the people first to bring it to market.
But I think we're just at this great inflection point of technology
where so many things are changing and coming together
that we've got a really bright future for securing software for securing industry and
things like that i think it really is important as we we start thinking about this area of using
blockchain in real it is to try and throw off some of the stigma that came to blockchain with
with cryptocurrencies and nfts and the various bubbles that came along and look at it as an enabling
technology that's going to disappear under the covers eventually. It's going to become boring
and at that point it's actually going to be really useful. These things are often quite tightly
coupled together. But it does seem we're fairly early on in adoption and that a lot of the larger
enterprise organizations don't necessarily view
it as a necessary solution to problems. I think we're increasingly seeing that there are problems
that it can solve very well that are hard to solve in any other way. So I think you're right,
Jason, that there is quite a lot of future in blockchain as a solution to real world problems
rather than just a get rich quick scheme.
Yeah, absolutely.
And I mean, I was a skeptic at first when I started looking into this because I hadn't got the technology background.
I had the what's in the media.
I had the what do we hear about?
And, you know, the speculative nature of cryptocurrency is not very palatable for some people. But when I started really to look under the hood,
you've got some really amazing technology
with sound mathematical concepts
and sound security principles
that can be applied to large enterprise use cases
and even smaller enterprise use cases.
But they have a really good solution here for a lot of problems
that maybe we didn't realize we had. So as we spoke about software bill of materials or device
provenance, maybe we didn't realize until now that we have a solution for those waiting for us.
Yeah. And I think that that's really the root of what we've been trying to get at here on
utilizing tech this whole time.
I think it's easy to get wrapped up in the hype about technologies, whether it's AI or edge or
blockchain or IoT or whatever we want to talk about next. But, you know, I think it's incumbent
upon technology focused people like ourselves to really sort of say, wait, wait, wait,
let's not throw the baby out with the bath water.
Let's think about what makes sense here
in terms of how can we use this in appropriate way?
And unfortunately, a lot of blockchain has been tarred
by people in terms of thinking of it only as a cryptocurrency scam or something
like that. But that's not really what this technology could be. And similarly, I do have
to bring back up, proof of work is not the only technology out there. Yes, it is incredibly wasteful of energy. You're right, listener who's
yelling at me right now. But there are other proofs. So Ethereum has moved to proof of stake,
and it seems to be working pretty well. Chia uses proof of space and time. Actually, they call it space and time.
And that seems to be working okay, though it's kind of wasteful of something else and, you know,
storage. But, you know, there are aspects that we've talked about here in terms of, you know,
the consensus concepts, in terms of the ledger, the immutable ledger that isn't owned by any one
entity. You know, I love what Alistair said about, you know, hey, how do you know that those checksums
are right? Again, it all comes down to trust. What if you can't trust? And we have to figure
out a way around that. So that's, and the other thing I'll bring into it, again, I don't want to make it, I don't want to excuse a lot of the crazy stuff that's gone on with NFTs. But,
you know, if you look at a lot of these blockchains, they can do things other than
pass tokens around, they can be used for compute. And as well in some aspects. Now, I'm not saying
that we should have, you know, be running high performance computing on the blockchain. What I'm saying is that you can do things like smart contracts that aren't scams. And you could maybe use that in ways, you know, to have cryptographic security and things too. So to me, it does seem like there are applications of this, and I just can't wait to see where it goes in the future.
So thank you so much, Jason, for bringing this, utilizing buzzwords to our attention
and giving us a chance to sort of ponder about how this isn't just buzzwords and how this
is real and how this could be real in the future, especially with edge computing.
If people want to continue this conversation, Jason, where can they find you?
So I'm still on X, at J.A. Benedictzic.
I'm kind of fairly active there,
but I also write on my own site,
www.thedatacenterbrit.co.uk.
And obviously you can find some of the previous stuff
I've done with Tech Field Day.
And you can always catch me on LinkedIn.
I mean that's probably the most important place to get me and that's just my name Jason Berdich.
You can find me online as demitasnz or demitas.co.nz for my website and you'll find me in
person at future events Tech Field Day events as well as at the upcoming VMware Explore, VMworld Explore, in Barcelona in
November and looking forward to having more conversations about real world solutions with
technology. Yeah, absolutely. And I as well, you can find me here on Utilizing Edge weekly,
you can find me also most weeks in the on-premise IT podcast and the Gestalt IT news
rundown. And I am very much looking forward to our forthcoming Edge Field Day event. We've got
a really cool set of companies joining us. A lot of very familiar systems companies, let's say,
are going to be presenting there. I don't want to spill the
beans too much, but it looks like we may have pretty much the whole ecosystem of server platform
providers, at least interested, if not committed yet. And so to tune in for that. Also, if you've
enjoyed this conversation, we've had a lot of great conversations here on Utilizing Edge. So go to utilizingtech.com to find a complete list of these episodes. Season five, you can also find
season four, Utilizing CXL, and seasons one through three, which was Utilizing AI. Just go
to utilizingtech.com for that. This podcast is brought to you by gestaltit.com, your home for
IT coverage from across the enterprise. You can also find us on
Twitter or Mastodon at Utilizing Tech. Thanks for listening, and we will see you next week.